Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-2204

Overview

Vulnerability Score 7.2 7.2
CVE Id CVE-2004-2204
Last Modified 05 Sep 2008 04:43:29
Published 31 Dec 2004 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2004-2204

Summary

Macromedia ColdFusion MX 6.0 and 6.1 application server, when running with the CreateObject function or CFOBJECT tag enabled, allows local users to conduct unauthorized activities and obtain administrative passwords by creating CFML scripts that use CreateObject or CFOBJECT.

Vulnerable Systems

Application

  • Macromedia Coldfusion 6.0

  • Macromedia Coldfusion 6.1


References

XF - coldfusion-gain-access(17567)

BID - 11364

BUGTRAQ - 20040930 CFMX vulnerability

CONFIRM - http://www.macromedia.com/devnet/security/security_zone/mpsb04-10.html

SECUNIA - 12693


Last Updated: 27 May 2016 10:39:23